To add an arbitrary function (for example, a malicious code detection function or a digital copyright management function) to an application program whose source code is unavailable or that is commercially distributed, hooking technologies should be used. In this context, the operation of placing a specific function module into the address space of the process corresponding to that application program is referred to as "injection" or "insertion".
Meanwhile, in an operating system (OS) running in a protected-mode environment, several existing methods have been proposed for injecting a module that performs a specific function into the area of a process corresponding to an application program: a method using the registry (AppInit_DLLs), a method using a window hooking function (SetWindowsHook), a method using a remote thread (CreateRemoteThread), a method using a kernel callback function (Process Create Notify Callback+CreateRemoteThread), and the like. However, the registry method is applicable only to application programs that use User32.dll, and the window hooking method is not applicable to a command-line program that does not use a graphical user interface (GUI). In addition, the remote thread method is not applicable to a program that is newly executed, and the kernel callback method is subject to exceptions caused by timing problems. Furthermore, the conventional injection methods described above require a separate remedy for the user account control (UAC) function on OSs such as Vista, Windows 7, and the like.